Malicious PDF — malware analysis report

Static analysis result for SHA-256 b2fa1054df289a40…

MALICIOUS

PDF

Size: 42.3 KB
Created: 2019-04-06 14:53:56 +03:00
Authoring application: doPDF Ver 7.3 Build 391 (Windows 7 Home Premium Edition (SP 1) - Version: 6.1.7601 (x64))
MD5: c84bf7e9f46e7460e458e281b3289845
SHA-1: 49975f769c66b2e949a09a880505fe9966dc243b
SHA-256: b2fa1054df289a4009a121d3b68c2fb967cf19054fa72acb355244442d617f08
Risk Score: 90

Malware Insights

MITRE ATT&CK
  • T1566.002 Spearphishing Attachment
  • T1204.002 Malicious Link

The PDF file was flagged by a machine learning classifier as malicious. It contains a large number of embedded URLs pointing to various PDF documents on the same domain, suggesting a link farm or a method to distribute further malicious content. No scripts were extracted from this sample.

Machine Learning

  • Nyx PDF Classifier malicious score 0.9027

Heuristics 2

  • Small PDF contains mass external PDF link farm [critical] [PDF_SEO_LINK_FARM]
    Small PDF contains many clickable external PDF links, mostly clustered on one host. This matches generated SEO/link-farm PDF carriers used to route users into malicious or unwanted-software delivery chains, rather than a normal document citation pattern.
  • Embedded URL [info] [EMBEDDED_URL]
    One or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.